package com.dayu.finecomm.iot.ssl;

import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * 创建SSLContext
 * 
 * @author XuJialiang
 * @since 2017-09-05 16:22:12
 * @version V1.0.0
 */
public class SslContextFactory {
	static Logger LOGGER = LoggerFactory.getLogger(SslContextFactory.class);

	/**
	 * 加密协议
	 */
	private static final String PROTOCOL = "TLS";

	/**
	 * 本地Http Server SSL
	 */
	private static final SSLContext SERVER_CONTEXT;

	/**
	 * IOT平台Http Server SSL
	 */
	private static final SSLContext IOT_CONTEXT;

	/**
	 * 生成本地Http Server SSL
	 */
	static {
		SSLContext mServerContext = null;

		String mServerKeyStore = "hdkj123!";

		try {
			KeyStore ks = KeyStore.getInstance("JKS");
			ks.load(SslContextFactory.class.getClassLoader()
					.getResourceAsStream("cert\\iot\\server.keystore"),
					mServerKeyStore.toCharArray());

			// Set up key manager factory to use our key store
			KeyManagerFactory kmf = KeyManagerFactory
					.getInstance(KeyManagerFactory.getDefaultAlgorithm());
			kmf.init(ks, mServerKeyStore.toCharArray());

			// truststore
			KeyStore ts = KeyStore.getInstance("JKS");
			ts.load(SslContextFactory.class
					.getClassLoader()
					.getResourceAsStream("cert\\iot\\servertruststore.keystore"),
					mServerKeyStore.toCharArray());

			// Set up trust manager factory to user our trust store
			TrustManagerFactory tmf = TrustManagerFactory
					.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			tmf.init(ts);

			// Initialize the SSLContext to work with our key managers.
			mServerContext = SSLContext.getInstance(PROTOCOL);
			mServerContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
					null);
		} catch (Exception e) {
			LOGGER.error("Faild to initialize the server-side SSLContext", e);
		}

		SERVER_CONTEXT = mServerContext;
	}

	/**
	 * 生成IOT平台Http Server SSL
	 */
	static {
		SSLContext mIotContext = null;

		String SELFCERTPATH = "cert/iot/outgoing.CertwithKey.pkcs12";
		String TRUSTCAPATH = "cert/iot/ca.jks";

		String mSelfKeyStore = "IoM@1234";
		String mTrustKeyStore = "Huawei@123";

		try {
			KeyStore ks = KeyStore.getInstance("pkcs12");
			ks.load(SslContextFactory.class.getClassLoader()
					.getResourceAsStream(SELFCERTPATH), mSelfKeyStore
					.toCharArray());

			// Set up key manager factory to use our key store
			KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
			kmf.init(ks, mSelfKeyStore.toCharArray());

			// truststore
			KeyStore ts = KeyStore.getInstance("jks");
			ts.load(SslContextFactory.class.getClassLoader()
					.getResourceAsStream(TRUSTCAPATH), mTrustKeyStore
					.toCharArray());

			// Set up trust manager factory to user our trust store
			TrustManagerFactory tmf = TrustManagerFactory
					.getInstance("sunx509");
			tmf.init(ts);

			// Initialize the SSLContext to work with our key managers.
			mIotContext = SSLContext.getInstance(PROTOCOL);
			mIotContext
					.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
		} catch (Exception e) {
			LOGGER.error("Faild to initialize the iot-side SSLContext", e);
		}

		IOT_CONTEXT = mIotContext;
	}

	/**
	 * 获取本地Server SSLContext
	 * 
	 * @return SSLContext
	 */
	public static SSLContext getServerContext() {
		return SERVER_CONTEXT;
	}

	/**
	 * 获取IOT平台 SSLContext
	 * 
	 * @return SSLContext
	 */
	public static SSLContext getIotContext() {
		return IOT_CONTEXT;
	}
}
